Q u o t e O f T h e W e e k

We are concerned with keeping the time for the country here. So far
as time is concerned, that is what we take care of.

-- Dennis McCarthy, Director of Time, US Naval Observatory

Note added 1999-12-17:
Many, many readers pointed out that in the email edition I had placed
Dr. McCarthy at the Navel Observatory. Our government tax dollars at
work providing omphaloskepsis for the American people, yada yada. Geez. A
number of folks were kind enough to assume the error had been intentional.
Thanks but no. Nicholas Bodley branched this
Take
It Offline forum to provide a locus for calumny. Go to it.

By now you know that online toy retailer eToys, an Idealab company,
has taken a group of European artists to court and stripped them of
the domain name etoy.com, which the artists' collective owned years
before eToys even existed. Here's the first press account [1] of the
fiasco. This in-depth report by "Claire Barliant" was published in
the Village Voice on 1 December. (A nearly identical story [2] by
"Claire Adamsick" appeared the same day in the TwinCities City
Pages.) See [3] for a seemingly complete and up-to-date list of
media coverage on eToys/etoy. (Thanks to TBTF Irregular Ted Byfield,
whose research provided these links.)

This David-and-Goliath story may have found a resonance among that
part of the public that invests in Internet stocks. Here is a
comparison over the last three months [4] of eToys' (NASD: ETYS) stock
performance compared to an index of Internet stocks. Until very
recent days the price behavior of eToys visibly followed the same
trends as the rest of the Net stocks. Until 1 December. See this
close-up [5] of the 10 business days ending 10 December.

The conjecture that eToys' impolitesse may have impacted their stock
price started a lively debate on the TBTF Irregulars private mailing
list and drew concentrated scorn from Declan McCullagh on his
politech list. I've archived some of these comments (including
McCullagh's) on this Take It Offline forum [6] and invite your thoughts
on the matter. Simply visit the link and weigh in.

A reader pointed me to a new Web service offered by the newly
launched Backflip[7], which had been operating in stealth mode as
The iTixs Project. Backflip's founders were early employees at
Netscape. They offer a free service that personalizes Web searches.
For them to do this you need to entrust Backflip with your entire
browsing history and ongoing clickstream.

It'll probably be popular. Not for me though. In my view a site that
offers services whose price is extremely sensitive and personal data
ought to offer the strongest possible guarantees of user privacy.
(On Thanksgiving day the New York Times ran an article titled
"Storing your life in a Virtual Desktop" [8] at the top of their "Circuits"
section. I was interviewed for this piece and the reporter quoted my
extreme skepticism about the whole idea, on grounds of privacy and
security.)

I read through Backflip's privacy policy [9] and it's fine as far as
it goes, but here are two promises I wanted to see that are nowhere
to be found.

The Poison Pill. If we sell the company, it will only be on
terms that bind the purchaser in perpetuity to apply the same or
stronger privacy policies to Backflip's data.

The Divorce. You have the right, when cancelling your
account with Backflip, to request that we destroy all data
collected as part of our business relationship. We will email
you a confirmation that we have done so. Our data-lifecycle
policies and practices are audited by the Better Business Bureau.

I have seen no discussion of the need for privacy policies that provide
customers this level of assurance. Of all the privacy statements I've
read, only that of Junkbusters
[10] offers The Divorce.

If a database ever exists that catalogs every page I've visited, it
will be on my own hard disk, and nowhere else.

Note added 2003-08-31: Erstwhile TBTF reader Greg Weiss sent
this hopeful tale of a modern Web service that offers something
close to a Poison Pill clause.

I've had several of my friends send me
invitations to store my contact info in Plaxo
[10a]. The emails are a bit
in-your-face but tasteful enough I suppose...

I was debating whether or not to give them (a) my info and (b) my
whole contact list, such as it is. Now sales contact lists, a.k.a.
customer lists, are something I wouldn't necesarily want in someone
else's database, and I know while I don't have much of that, other
people at my current firm do.

So I went to read their privacy policy
[10b], looking to see
if they had a poison pill provision in case they "sold out."

They basically do have a... substitute that comes pretty close
-- they promise to notify you in case of "change of control" business
developments, and they also promise to notify you if the privacy
policy changes and you can take your data out before the new policy
takes effect.

Which is good enough, and I was delighted to see it. So I
thought I'd highlight this worthiness to you and thank you for passing
on the meme of "poison pill" privacy policies in the first place.

TBTF Irregular Eric Scheid writes from Down Under to mark the
overturning on appeal [11] of the pornography conviction of the former
head of Compuserve Germany. Felix Somm was convicted [12] in May 1998
by a Bavarian court for aiding in the distribution of pornography --
by failing to prevent such material from being distributed over the
Internet through his ISP. The charge was so ludicrously ignorant of
the actual workings of the Internet that the prosecutors, having
been convinced by the defense arguments, actually filed the appeal
as soon as the verdict had been read.

The case has been watched with great interest in Australia because
of the imminent implementation of a harsh Net censorship regime in
that country (see TBTF for 1999-05-08 [13]). This article [14] lays
out details of how the Australian Broadcasting Authority plans to
carry out the broad censorship of Net content. An excerpt:

Net users will have to supply Web site operators with sensitive
personal data if they wish to access R-rated material online.
According to a consultation paper by the ABA, an age
verification "restricted access system" must be in place on sites which
are likely to be classified R by the Classification Board. . .
Under the ABA proposal, persons seeking access to R-classified
material must provide a number of details including their name,
address, date of birth, email address, and credit card details
or digital signature.

TBTF has followed Germany's blundering attempts to censor the Net
since 1995 [15].

Now any ISP can offer domain-naming services thanks to rock-bottom
wholesale pricing

TUCOWS, which started out life as a Winsock shareware site, has
announced the OpenSRS project [16]. OpenSRS wholesales domain names at
$13 per name per year: it will allow any reseller -- ISP, Web site
operator, VAR, or Web hosting company -- to offer low-cost
domain-name registration services to customers. The resellers download and
customize (open-source) client software that talks to the
(proprietary) OpenSRS server. Resellers can register names for their
customers in real time.

While OpenSRS claims to "leverage Open Source principles," it's not
a true open-source project. Only the client software is available in
source form (under the GNU General Public License). All development
is done at TUCOWS. The server code is not released.

I spoke with Ross Wm. Rader <ross at tucows dot com>, architect and
prime mover on the OpenSRS project. He said the rollout had been
delayed by demand far in excess of what had been expected. Rader
said that signed-up OpenSRS resellers number in the "high 3 digits."
None is yet operational. I expect OpenSRS to make lots of waves when
their resellers go online early next year.

Network Solutions has sent a letter to all parties who have requested
invocation of NSI's Domain Name Dispute Policy, informing them that
the policy will be superseded on 1 January 2000 by ICANN's new Uniform
Dispute Resolution Policy [17]. NSI will not begin any new proceedings
under the old DNDP.

Furthermore, according to the Fross Zelnick E-LEGAL Letter (not
archived on the Web), on 1 January NSI will reopen all previous
disputes that resulted in the suspension of a domain name under the old
policy. If by 1 April 2000 the parties to each of these disputes
have not informed NSI that the dispute has been resolved, the domain
names in question will be reactivated. NSI has not made clear
whether the names will be reactivated if within 90 days the parties
involved begin dispute resolution under the new UDRP.

Meanwhile, the first UDRP dispute has been filed at the World
Intellectual Property Organization [18].

Internet Freedom, a cyber-liberties campaign in the UK, has just
announced [19] an
awards competition that intends to point an accusing
finger at examples of bad journalism on the subject of the Internet,
as well as to issue awards for good journalism. Capsule description:

The awards will name and shame the worst journalistic examples
of caricature, misrepresentation, or stereotyping of Net
users. The IFJA will also recognize high-quality journalism
and highlight good practice by journalists striving to report
news about the Internet.

The deadline for nominations [20] is December 31; awards will be
announced on January 8, 2000. The award categories:

Internet Article of Shame. For a news report, feature or opinion
piece distinguished by misrepresentation, bias, or invention of
inflated dangers about the Internet.

Internet Investigation of the Year. For a news story or feature
revealing attempts to regulate the Net.

The Fair Reporting News Agency of the Year. To a news organization
for consistently high standards in writing about the Net.

Internet Journalist of the Year. To a journalist for consistently
high standards in writing about the Net.

Bruce Schneier's excellent newsletter CRYPTO-GRAM (see TBTF Sources
[21]) alerted me to the work of Arjen Lenstra and Eric Verheul, who
have produced a model [22] by which you can calculate how strong your
cryptographic keys need to be. The authors claim that this is the
first uniform, properly documented treatment of the subject.

The model, which formulates a series of explicit hypotheses about
future developments and applies these to existing data about the
cryptosystems, will enable organisations to arrive at a balanced
evaluation of key size aspects when purchasing or developing
cryptographic applications. The resulting key size recommendations
are thus unbiased and not influenced by non-scientific
considerations.

The bulk of Lenstra and Verheul's conclusions are contained in a
single table [23]. I've excerpted the most salient data into a graph
[24] -- use it to read off the key length you'll need in 2015 to fend
off an adversary who will devote $40M over a year's time to the task
of breaking your key.

During a California trip several weeks ago I had occasion to visit
Gray Cell, the first Indian software company to win Silicon Valley
venture capital. The company has been working quietly for three
years in Bangalore and has now opened up an office in Campbell, CA
in preparation for launching Unimobile [25]. This is a free software
"device" that can talk to nearly any mobile gadget anywhere in the
world -- text-enabled cell phone, pager, PDA, email, and (of course)
another Unimobile. I was impressed by the product focus Gray Cell
has maintained in realizing the Unimobile device in "bits, not
atoms."

Gray Cell claims its database of worldwide phone services is the
most comprehensive in existence, and I have no reason to doubt it.
Do you know another service that can instantly tell you what
telephone company issued the cell phone attached of any random phone
number you choose to throw at it? If so I'd like to hear of it (and
so undoubtedly would Gray Cell).

The Unimobile isn't quite like anything that has come before -- Gray
Cell is opening up a new market. The device may not initially have
much application in the world of business. It's colorful, noisy,
fast, and fun. The product is targeted at young, technologically
savvy, and above all mobile consumers worldwide. The US lags much of
the rest of the world in its uptake of mobile and wireless
technology, so the Unimobile will at first find a larger audience elsewhere
than it does on these shores. (Gray Cell tells me they have two
entirely separate marketing plans, one for the US and one for
everywhere else.) An American may need a little time at first to
appreciate what the Unimobile can do, though I expect that a 15-year-old
Finn who lives on her cell phone would get it right away, so the
product and its Web site come with extensive tours, tutorials, and
help getting started. (The TBTF Irregulars [26] were privileged to
test an early version of the Unimobile, and since many of us are
Americans we may have influenced the amount and quality of
handholding available in the product.)

Gray Cell wants to build a worldwide community of connected users
who chat constantly with people on their buddy lists, and don't want
to give up chatting when they leave their desks and go out into the
world. The company will offer a growing roster of services to this
mobile community and draw revenue from sponsorships and other
non-intrusive forms of partnership. The Gray Cell executives I spoke to
were adamant that they will never beam advertising to Unimobile
users -- they truly "get it" that a mobile device is even more
personal than a personal computer. Blasting advertising to a user's
Unimobile would be an act akin to marching a brass band into a
Quaker meeting.

When you download [27]
and register a Unimobile, you get a free email
address -- mine is dawson@unimobile.com -- which you can point to
your normal email POP box, or to any text-capable device you travel
with. Any Unimobile user, or indeed anyone at all with Internet
access, can message you at your Unimobile address and you will receive
the message in seconds on whatever device you have configured at the
moment.

You can change the device's "skin" -- on-screen appearance and
behavior -- to resemble your PDA, or your pager, or your cell phone --
complete with the look & feel of whichever brand and model you're
most accustomed to. A number of skins will be included when the
product launches and more will come from mobile device companies,
hobbyists, etc. I expect Unimobile skins to be traded freely on Web
sites the way Nokia ring tones [28] are today. See what I mean about
the product not being targeted to business users? This soft device
is all about lifestyle.

Unimobile is a 3-MB download [27]. It runs only on Windows. Give it
a try.

Disclosure: I don't have any business relationship with Gray Cell,
nor any financial interest in the company. One of their employees,
Udhay Shankar, is a TBTF Irregular.

This BBC site [30] excerpts data from a Gartner Group assessment
of the worldwide effect of the Y2K bug. (I have not seen this
assessment. It appears the BBC began with an August 1999 Gartner
report and added more recent data.) The BBC shows estimates for 11
countries (I assume Gartner covered more), in 11 categories of
concern. For each country and category, Gartner estimates the
bug's distribution and impact. I've taken the liberty of assigning
numbers to these estimates:

Go visit NASA's magical telescope on the cosmos [32], a Web-based
simulator that lets you construct a custom view of many
solar-system objects from nearly any vantage point. The simulator grew
out of early work at Cal Tech by graphics.god Jim Blinn, who has
since moved on to Microsoft Research. (I recently heard this outfit
referred to as the twentieth century's intellectual roach motel:
the great minds check in but nothing ever comes out.)

Here's what Mars looked like from the NASA craft Mars98 about 7
hours before its too-final impact, from a distance of 50,177 km
[33].

Thanks to TBTF Irregular Gary Stock for pointing out this marvel of
the Web.

You've no doubt read about the steganographic identification data
printed, as an anti-counterfeiting measure, on every color copy
produced by (apparently) every color copier sold in the US. Lauren
Weinstein gave the issue wide exposure in the Privacy Forum [38]. He
investigated because I sent him a query and a couple of URLs. I
completely missed out on the scoop, though. It's the sort of thing
that keeps me humble.